USB: serial: kobil_sct: fix NULL-deref in write

commit 21ce57840243c7b70fbc1ebd3dceeb70bb6e9e09 upstream.

Fix NULL-pointer dereference in write() should the device lack the
expected interrupt-out endpoint:

Unable to handle kernel NULL pointer dereference at virtual address 00000054
...
PC is at kobil_write+0x144/0x2a0 [kobil_sct]

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@kernel.org>
[bwh: Backported to 3.2: add this check to the existing
 usb_serial_driver::attach implementation]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

diff --git a/drivers/usb/serial/kobil_sct.c b/drivers/usb/serial/kobil_sct.c
index 16a6420..cf5f530 100644 (file)
--- a/drivers/usb/serial/kobil_sct.c
+++ b/drivers/usb/serial/kobil_sct.c
@@ -150,6 +150,11 @@ static int kobil_startup(struct usb_serial *serial)
        struct usb_host_interface *altsetting;
        struct usb_host_endpoint *endpoint;
 
        struct usb_host_interface *altsetting;
        struct usb_host_endpoint *endpoint;
 

+       if (serial->num_interrupt_out < serial->num_ports) {
+               dev_err(&serial->interface->dev, "missing interrupt-out endpoint\n");
+               return -ENODEV;
+       }
+

        priv = kmalloc(sizeof(struct kobil_private), GFP_KERNEL);
        if (!priv)
                return -ENOMEM;
        priv = kmalloc(sizeof(struct kobil_private), GFP_KERNEL);
        if (!priv)
                return -ENOMEM;